SECTION 15 INFORMATION TECHNOLOGY
|
|
- Lionel Skinner
- 8 years ago
- Views:
Transcription
1 SECTION 15 INFORMATION TECHNOLOGY 15.1 Purpose 15.2 Authorization 15.3 Internal Controls 15.4 Computer Resources 15.5 Network/Systems Access 15.6 Disaster Recovery Plan (DRP)
2 15.1 PURPOSE The Navajo County Information Technology (IT) Policy is established to ensure that information systems and financial data are adequately safeguarded. Secure systems and data are achieved through the establishment of general and application controls. General controls apply to all IT functions and should achieve the following objectives: A. Effective management of IT resources. B. Adequate segregation of duties and responsibilities. C. Identification of hardware or system software malfunctions. D. Prevention of accidental record destruction. E. Restriction of access to IT resources, such as equipment, files, programs, documentation, and telecommunications. F. Effective systems and programs to prohibit unauthorized program change. G. Detection or prevention of accidental errors occurring during processing. H. Development and modification of IT-based accounting systems according to management and user reporting requirements. I. Consistent and reliable operation of the IT function. J. Adequate documentation and control of systems, programs, and instructions. Application controls are categorized as input, processing, and output controls and should achieve the following objectives: A. Maintain an adequate audit trail so transactions can be traced from inception to final disposition through the IT process and vice versa. B. Input date is appropriately authorized. C. Transactions are recorded accurately on the computer files. D. Data on files remains correct and current over an extended period. E. Computer-generated output is reconciled, checked for validity, and distributed to the appropriate recipients.
3 To properly prepare for a disaster policies and procedures should include the following: A. Formally assign disaster recovery coordinators from applicable departments to form a disaster recovery team. B. Require the creation and preservation of back-up data. C. Make provisions for the alternative processing of data following a disaster. D. Provide detailed procedures for restoring data files. E. Establish guidelines for the immediate aftermath of a disaster AUTHORIZATION A. Ensure security over computer systems and the data they contain to prevent or detect unauthorized use, damage, loss, or modification of programs, and misuse of information. 1. Limit logical access to authorized users of the County systems. 2. Use a standardized access request form for approval for access to the systems, and retain all access request forms with the supervisor s approval. 3. Eliminate access to computer systems promptly when an employee separates employment with the County. 4. Require users to change passwords at regular intervals, e.g., every 3 months, and to set passwords that include special characters and minimum length. 5. System controls to lock out users after more than three failed access attempts INTERNAL CONTROLS A. Internal controls support IT activities and help Navajo County to achieve the following objectives: 1. Effective management of computer resources. 2. Adequate segregation of duties and responsibilities. 3. Identification of hardware and system software malfunctions.
4 4. Restriction of access to IT resources, such as equipment, data, programs, documentation, and communication systems. 5. Effective systems and programs to prohibit unauthorized program change. 6. Adequate documentation and control of systems, programs, and instructions. 7. A periodic review of user access is conducted to ensure segregation of duties. 8. Elevated access as related to job duties is monitored electronically on an ongoing basis. B. Organization and operation controls provide segregation of functions, duties, and responsibilities so that no one individual performs incompatible duties. C. Navajo County has controls for the development and modification of each application system. IT systems are developed or modified according to management and user requirements. Requirements for systems development involve: 1. User representatives and designated management employees evaluate proposed systems at critical stages. 2. Segregation of duties for: a. Developing, implementing changes and testing. b. Authorizing and approving changes. 3. IT personnel will obtain final approval from users before placing a system into operation. 4. IT will establish procedures to authorize, test, implement, and document program changes after implementing the system to maintain its integrity. D. Maintain hardware and system software controls to identify malfunctions that occur in both the hardware and software. E. Access controls provide safeguards that allow only those individuals designed by management to use hardware, files, or programs. 1. Access to production data and program files will be controlled and limited where possible.
5 2. Management will limit computer hardware access to operators and assign hardware to specific employees. This data is maintained and verified in accordance with the capital asset policy 3. Access to hardware, files, and programs is limited and monitored through the following safeguards: a. Physical Security Devices b. Logical Security Techniques F. Data and procedural controls provide a framework for controlling daily operations and establishing safeguards against processing errors. 1. Written documentation of the various IT systems is maintained for users as applicable. 2. IT functions are reviewed and tested periodically to monitor the effectiveness of data and procedural controls. G. Contingency planning controls are designed to safeguard against the accidental loss or destruction of records, and to prevent interruption of IT operations. 1. Backup controls. Files, programs, and documentation are physically safeguarded by maintaining backup copies in an off-site storage facility. 2. Environmental controls. The storage site will be protected against safety hazards and environmental damage, as well as unauthorized access. 3. Disaster recovery controls. Navajo County has outlined disaster recovery controls extensively in the Information Technology Disaster Recovery Plan, a section in the Emergency Operations Plan COMPUTER RESOURCES A. The following general controls are implemented for personal computers, laptops, and tablets. 1. Physical security. In a personal computer environment, personal computers and equipment should be adequately protected against theft, unauthorized use, and environmental hazards. 2. Backup and recovery. Data files are mirrored daily so that at least a second copy is available for processing if the original file is lost or
6 destroyed. Backup copies of critical data files are stored in safe locations that are secure from hazards, such as fire or extreme heat. B. Virus Prevention and Detection The IT Department routinely evaluates network security and attempts to identify potential areas that are susceptible to threats NETWORK/SYSTSEMS ACCESS Network/systems access is requested, approved and granted through a formal process using the Systems Access Request Form in the appendix of this manual. This process applies to new employees or changes to access for existing employees DISASTER RECOVERY PLAN (DRP) A. Purpose. Governments provide many essential services to their citizens. The disruption of these services following a disaster could result in a significant harm or inconvenience to those whom government serves. State and local government have a duty to ensure that disruptions in the provision of essential services are minimized following a disaster. 1. Risk Assessment. All County systems are essential but are prioritized in the event of a disaster recovery. 2. Applicability. The Disaster Recovery Plan covers all essential and critical infrastructure elements, systems and networks. 3. Testing. The DRP is periodically tested in a simulated environment to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed. 4. Communication. All staff must be made aware of the disaster recovery plan and their own respective roles. Copies of the DRP are distributed to appropriate personnel. A copy is kept electronically at the Alternate Data Center. B. Objectives. The principal objective of the disaster recovery program is to develop, test and document a well-structured and easily understood plan which will help the county recover as quickly and effectively as possible from an unforeseen disaster or emergency which interrupts information systems and business operations. Additional objectives include the following: 1. The need to ensure that all employees fully understand their duties in implementing such a plan. 2. The need to ensure that operational policies are adhered to within all planned activities.
7 3. The need to ensure that proposed contingency arrangements are costeffective. 4. The need to consider implications on other county sites. C. Disaster recovery capabilities as applicable to key customers, vendors and others. Key Personnel Contact Info and the notification list are documented in the Emergency Operations Plan (EOC). D. Plan Updating. It is necessary for the DRP updating process to be properly structured and controlled. Whenever changes are made to the plan they are to be fully tested and appropriate amendments should be made to the training materials. This will involve the use of formalized change control procedures under the control of the IT Director. E. Backup Strategy. Navajo County has a fully mirrored recovery site at a remote location. The site is a fully mirrored duplicate site which will enable instantaneous switching between the live site (Holbrook Complex) and the remote backup site. F. Emergency Response. 1. Plan Triggering Events. In the event of the primary facility and/or normal operations failure the disaster recovery plan will be activated 2. Assembly Points. Where the premises need to be evacuated, the alternate data center is the assemble point G. Exercising/Testing. Plan exercising ensures that emergency teams are familiar with their assignments and that systems can be restored as planned. Random periodic testing of systems is performed and results of the testing are documented electronically.
IT Disaster Recovery Plan Template
HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned
More information<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP
IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement
More informationOffsite Disaster Recovery Plan
1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive
More informationClovis Municipal School District Information Technology (IT) Disaster Recovery Plan
Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Revision History REVISION DATE NAME DESCRIPTION Draft 1.0 Eric Wimbish IT Backup Disaster Table of Contents Information
More informationInformation Systems and Technology
As public servants, it is our responsibility to use taxpayers dollars in the most effective and efficient way possible while adhering to laws and regulations governing those processes. There are many reasons
More informationINFORMATION TECHNOLOGY CONTROLS
CHAPTER 14 INFORMATION TECHNOLOGY CONTROLS SCOPE This chapter addresses requirements common to all financial accounting systems and is not limited to the statewide financial accounting system, ENCOMPASS,
More informationPART 10 COMPUTER SYSTEMS
PART 10 COMPUTER SYSTEMS 10-1 PART 10 COMPUTER SYSTEMS The following is a general outline of steps to follow when contemplating the purchase of data processing hardware and/or software. The State Board
More informationCHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS
11-1 CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS INTRODUCTION The State Board of Accounts, in accordance with State statutes and the Statements on Auditing Standards Numbers 78
More informationDisaster Recovery Planning
Disaster Recovery Planning This is a brief guide, with a suggested table of contents, to help you get started with putting together your Disaster Recovery Plan (DRP) Pensar can assist you in completing
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationOperational Risk Publication Date: May 2015. 1. Operational Risk... 3
OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...
More informationHIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards
More informationGeneral IT Controls Audit Program
Contributed February 5, 2002 by Paul P Shotter General IT Controls Audit Program Purpose / Scope Perform a General Controls review of Information Technology (IT). The reviews
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationNCUA LETTER TO CREDIT UNIONS
NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: December 2001 LETTER NO.: 01-CU-21 TO: SUBJ: ENCL: All Federally Insured Credit Unions Disaster
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationData Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322
Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery
More informationINFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c
INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information
More informationHIPAA Security COMPLIANCE Checklist For Employers
Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationHIPAA Information Security Overview
HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is
More informationIT - General Controls Questionnaire
IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow
More informationInformation Resources Security Guidelines
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
More informationRajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np
Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security
More informationInternal Control Guide & Resources
Internal Control Guide & Resources Section 5- Internal Control Activities & Best Practices Managers must establish internal control activities that support the five internal control components discussed
More informationGAO INFORMATION SECURITY. Weak Controls Place Interior s Financial and Other Data at Risk. Report to the Secretary of the Interior
GAO United States General Accounting Office Report to the Secretary of the Interior July 2001 INFORMATION SECURITY Weak Controls Place Interior s Financial and Other Data at Risk GAO-01-615 United States
More informationOhio Supercomputer Center
Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationSupplier Security Assessment Questionnaire
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
More informationAppendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice
Appendix 4-2: Administrative, Physical, and Technical Safeguards Breach Notification Rule How Use this Assessment The following sample risk assessment provides you with a series of sample questions help
More informationDETAIL AUDIT PROGRAM Information Systems General Controls Review
Contributed 4/23/99 by Steve_Parker/TBE/Teledyne@teledyne.com DETAIL AUDIT PROGRAM Information Systems General Controls Review 1.0 Introduction The objectives of this audit are to review policies, procedures,
More informationInformation Technology General Controls Review (ITGC) Audit Program Prepared by:
Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the
More informationState HIPAA Security Policy State of Connecticut
Health Insurance Portability and Accountability Act State HIPAA Security Policy State of Connecticut Release 2.0 November 30 th, 2004 Table of Contents Executive Summary... 1 Policy Definitions... 3 1.
More informationBuild (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)
It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researches to pay lots of attention to software engineering. The
More informationInformation Systems Security Assessment
Physical Security Information Systems Security Assessment 1. Is the server protected from environmental damage (fire, water, etc.)? Ideal Answer: YES. All servers must be housed in such a way as to protect
More informationVolume UC DAVIS HEALTH SYSTEM. HIPAA Security Compliance Workbook. Multi User Guide
Volume 1 UC DAVIS HEALTH SYSTEM HIPAA Security Compliance Workbook Multi User Guide UC DAVIS HEALTH SYSTEM HIPAA Security Compliance Workbook Guide Table of Contents Introduction General Instructions SECTION
More informationDESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the
More informationCircular to All Licensed Corporations on Information Technology Management
Circular 16 March 2010 Circular to All Licensed Corporations on Information Technology Management In the course of our supervision, it has recently come to our attention that certain deficiencies in information
More informationDisaster Preparedness & Response
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 A B C E INTRODUCTION AND PURPOSE REVIEW ELEMENTS ABBREVIATIONS NCUA REFERENCES EXTERNAL REFERENCES Planning - Ensuring
More informationDisaster Recovery Plan Checklist
Disaster Recovery Plan Checklist Your guide for setting up or updating a Disaster Recovery Plan for your business. ArcSource Disaster Recovery Plan Checklist 1. Compile Your Internal Contacts Information
More informationMusic Recording Studio Security Program Security Assessment Version 1.1
Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND
More informationHIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE
HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE How to Use this Assessment The following risk assessment provides you with a series of questions to help you prioritize the development and implementation
More informationHong Kong Baptist University
Hong Kong Baptist University Disaster Recovery Standard FOR INTERNAL USE ONLY Date of Issue: JULY 2012 Revision History Version Author Date Revision 1.0 Information Security Subcommittee (ISSC) July 2012
More informationISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationInformation Security Policies. Version 6.1
Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access
More informationMARQUIS DISASTER RECOVERY PLAN (DRP)
MARQUIS DISASTER RECOVERY PLAN (DRP) Disaster Recovery is an ongoing process to plan, develop, test and implement changes, processes and procedures supporting the recovery of the critical functions in
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationService Children s Education
Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and
More informationBusiness Continuity Planning in IT
Introduction: Business Continuity Planning in IT The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions
More informationOPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,
More informationUniversity of Aberdeen Information Security Policy
University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...
More informationU.S. Department of the Interior Office of Inspector General AUDIT REPORT
U.S. Department of the Interior Office of Inspector General AUDIT REPORT GENERAL CONTROL ENVIRONMENT OF THE FEDERAL FINANCIAL SYSTEM AT THE RESTON GENERAL PURPOSE COMPUTER CENTER, U.S. GEOLOGICAL SURVEY
More informationMontclair State University. HIPAA Security Policy
Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that
More informationCalifornia State University, Chico. Information Security Incident Management Plan
Information Security Incident Management Plan Version 0.8 January 5, 2009 Table of Contents Introduction... 3 Scope... 3 Objectives... 3 Incident Management Procedures... 4 Roles and Responsibilities...
More informationVMware vcloud Air HIPAA Matrix
goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory
More informationSAS 70 Exams Of EBT Controls And Processors
Appendix VIII SAS 70 Examinations of EBT Service Organizations Background States must obtain an examination by an independent auditor of the State electronic benefits transfer (EBT) service providers (service
More informationThe second section of the HIPAA Security Rule is related to physical safeguards. Physical safeguards are physical measures, policies and procedures
The second section of the HIPAA Security Rule is related to physical safeguards. Physical safeguards are physical measures, policies and procedures to protect and secure a covered entity s electronic information
More informationContinuity Planning and Disaster Recovery
Responsible Officer: AVP - Information Technology Services & UC Chief Information Officer Responsible Office: IT - Information Technology Services Issuance Date: 7/27/2007 Effective Date: 7/27/2007 Scope:
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationSWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific
More informationU.S. Department of the Interior's Federal Information Systems Security Awareness Online Course
U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course Rules of Behavior Before you print your certificate of completion, please read the following Rules of Behavior
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date
More informationDISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS
Appendix L DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS I. GETTING READY A. Obtain written commitment from top management of support for contingency planning objectives. B. Assemble
More informationISO27001 Controls and Objectives
Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the
More informationINFORMATION SECURITY PROGRAM
Approved 1/30/15 by Dr. MaryLou Apple, President MSCC Policy No. 1:08:00:02 MSCC Gramm-Leach-Bliley INFORMATION SECURITY PROGRAM January, 2015 Version 1 Table of Contents A. Introduction Page 1 B. Security
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationAdministrators Guide Multi User Systems. Calendar Year
Calendar Year 2012 Enter Facility Name Here HIPAA Security Compliance Workbook For Core Measure 15 of Meaningful Use Requirements Annual Risk Analysis Administrators Guide Multi User Systems 1 HIPPA Compliance
More informationThe Practice of Internal Controls. Cornell Municipal Clerks School July 16, 2014
The Practice of Internal Controls Cornell Municipal Clerks School July 16, 2014 Page 1 July 18, 2014 Cash Receipts (Collection procedures) Centralize cash collections within a department or for the local
More informationTECHNICAL SECURITY AND DATA BACKUP POLICY
TECHNICAL SECURITY AND DATA BACKUP POLICY PURPOSE Effective technical security depends not only on technical measures, but also on appropriate policies and procedures and on good user education and training.
More informationNetwork & Information Security Policy
Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk
More informationThe Ministry of Information & Communication Technology MICT
The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.
More informationBirkenhead Sixth Form College IT Disaster Recovery Plan
Author: Role: Mal Blackburne College Learning Manager Page 1 of 14 Introduction...3 Objectives/Constraints...3 Assumptions...4 Incidents Requiring Action...4 Physical Safeguards...5 Types of Computer Service
More informationDRAFT Disaster Recovery Policy Template
DRAFT Disaster Recovery Policy Template NOTE: This is a boiler plate template much information is needed from to finalizeconsider this document pre-draft FOREWARD... 3 Policy Overview...
More informationBusiness Unit CONTINGENCY PLAN
Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...
More informationBME CLEARING s Business Continuity Policy
BME CLEARING s Business Continuity Policy Contents 1. Introduction 1 2. General goals of the Continuity Policy 1 3. Scope of BME CLEARING s Business Continuity Policy 1 4. Recovery strategies 2 5. Distribution
More informationDisaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery
Disaster Recovery 1.1 Introduction Every day, there is the chance that some sort of business interruption, crisis, disaster, or emergency will occur. Anything that prevents access to key processes and
More informationClinical Solutions. 2 Hour CEU
1 2 Hour CEU 2 Course Objectives The purpose of this program is to provide nurses with information about the Health Insurance Portability and Accountability Act (HIPAA), especially as it relates to protected
More informationICT & Communications Services Disaster & Recovery Plan
ICT & Communications Services Disaster & Recovery Plan Advanced IT Services with George Spencer Academy www.aitn.co.uk Advanced IT Services - Arthur Mee Road, Stapleford, Nottingham. NG9 7EW Email: info@advanceditservices.co.uk
More informationDisaster Recovery Planning Process
Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations
More informationICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationMain Reference : Hall, James A. 2011. Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications
Main Reference : Hall, James A. 2011. Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications Suggested Reference : Senft, Sandra; Gallegos, Frederick., 2009.
More informationPBGC Information Security Policy
PBGC Information Security Policy 1. Purpose. The Pension Benefit Guaranty Corporation (PBGC) Information Security Policy (ISP) defines the security and protection of PBGC information resources. 2. Reference.
More informationUnion County. Electronic Records and Document Imaging Policy
Union County Electronic Records and Document Imaging Policy Adopted by the Union County Board of Commissioners December 2, 2013 1 Table of Contents 1. Purpose... 3 2. Responsible Parties... 3 3. Availability
More informationCUNY SCHOOL OF PROFESSIONAL STUDIES: DEPARTMENTAL RETENTION SCHEDULE 4/7/2014 OFFICE OF INFORMATION TECHNOLOGY
IT-1 Contracts/ Software Licenses/ Use Agreements General 6[6] IT-2 CUNY SCHOOL OF PROFESSIONAL STUDIES: DEPARTMENTAL RETENTION SCHEDULE 4/7/2014 CUNY-CIS Information Security Procedures Attestation Forms
More informationPAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA
Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationService Level Standard
Service Level Standard Personal Devices Revision History Date Version Changes 2/17/2012 1.00 Initial Draft Special Note: Service Level Standards will be reviewed and updated following the end of the spring
More informationCalifornia State University, Sacramento INFORMATION SECURITY PROGRAM
California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationFinal Audit Report -- CAUTION --
U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Audit of Information Systems General and Application Controls and Administrative Expense Review at
More informationWHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery
WHITE PAPER HIPAA-Compliant Data Backup and Disaster Recovery DOCUMENT INFORMATION HIPAA-Compliant Data Backup and Disaster Recovery PRINTED March 2011 COPYRIGHT Copyright 2011 VaultLogix, LLC. All Rights
More informationMille Lacs Band of Ojibwe Indians Gaming Regulatory Authority Detailed Gaming Regulations
I. SCOPE. This document includes the for Information Technology to be regulated and played in compliance with Title 15 of the Mille Lacs Band Statutes Annotated. II. REGULATIONS APPLICABLE TO INFORMATION
More informationHIPAA Security. 2 Security Standards: Administrative Safeguards. Security. Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Proc - A edures, dministrativ and e Documentation Safeguards
More informationSITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA
SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...
More informationDepartment of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006
Department of Information Technology Data Center Disaster Recovery Audit Report Final Report September 2006 promoting efficient & effective local government Executive Summary Our audit found that a comprehensive
More informationVersion 1.0. Ratified By
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationGeneral Computer Controls
1 General Computer Controls Governmental Unit: University of Mississippi Financial Statement Date: June 30, 2007 Prepared by: Robin Miller and Kathy Gates Date: 6/29/2007 Description of computer systems
More information